10587481

Directing Data Flows in Data Centers with Clustering Services

Published March 10, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method comprising: receiving, at a controller, a forward packet from a selected service engine of a group of service engines, the forward packet originating from a client; creating, by the controller, an entry in a table for indicating a data flow associated with the forward packet, the entry including an identifier of the selected service engine; sending, by the controller, the forward packet to a selected server of a group of servers; receiving, at the controller, a reverse packet from the selected server, the reverse packet including an identifier of the group of service engines and destined for the client; modifying, by the controller, the reverse packet using the entry in the table by replacing the identifier of the group of service engines with the identifier of the selected service engine; and sending, by the controller, the modified reverse packet to the selected service engine, wherein the controller is disposed on a data path between the group of service engines and the group of servers.

Plain English Translation

This invention relates to network traffic management in systems where service engines and servers communicate with clients. The problem addressed is efficiently routing packets between clients, service engines, and servers while maintaining proper data flow associations. The invention involves a controller positioned on the data path between a group of service engines and a group of servers. The controller receives a forward packet from a selected service engine, where the packet originates from a client. The controller creates an entry in a table to track the data flow associated with this packet, storing an identifier of the selected service engine. The forward packet is then sent to a selected server. When the controller receives a reverse packet from the server, destined for the client and containing an identifier of the group of service engines, it modifies the packet by replacing the group identifier with the specific service engine identifier from the table entry. The modified reverse packet is then sent to the selected service engine. This ensures that return traffic is correctly routed back to the originating service engine, maintaining proper data flow associations without requiring additional coordination between the service engines and servers. The controller's role in managing these associations simplifies traffic management in distributed systems.

Claim 2

Original Legal Text

2. The method of claim 1, further comprising: identifying, by the controller, the identifier of the selected service engine from the entry in the table to apply to the reverse packet.

Plain English Translation

A system and method for processing network packets in a service engine environment involves dynamically selecting and applying service engines to packets based on predefined rules. The system includes a controller that maintains a table mapping packet attributes to service engine identifiers. When a packet is received, the controller inspects the packet to determine its attributes, such as source or destination address, protocol type, or port number. The controller then queries the table to identify the appropriate service engine for processing the packet. The selected service engine is applied to the packet, performing operations such as filtering, load balancing, or encryption. For reverse packets, the system identifies the service engine used for the original packet and applies the same service engine to ensure consistent processing. This approach ensures that packets and their corresponding responses are handled by the same service engine, maintaining stateful operations and improving network performance. The method supports dynamic updates to the table, allowing for flexible and scalable service engine management in network environments.

Claim 3

Original Legal Text

3. The method of claim 1, further comprising: identifying, by the controller, a data flow associated with the reverse packet based on one or more identifiers included in the reverse packet; verifying, by the controller, a correspondence between the data flow associated with the reverse packet and the data flow associated with the forward packet indicated by the entry in the table; and upon verifying the correspondence, determining, by the controller, the identifier of the selected service engine using the entry in the table.

Plain English Translation

A system and method for processing network packets in a service chaining environment involves managing the routing of packets through multiple service engines, such as firewalls, load balancers, or intrusion detection systems, in a specific sequence. The problem addressed is ensuring that packets are correctly routed through the intended sequence of services while maintaining performance and scalability in high-traffic networks. The method includes receiving a reverse packet, which is a response to a previously transmitted forward packet, and identifying a data flow associated with the reverse packet using one or more identifiers in the packet. The system then verifies that the data flow of the reverse packet matches the data flow of the corresponding forward packet by checking an entry in a lookup table. This table stores mappings between data flows and the sequence of service engines assigned to process them. If the correspondence is confirmed, the system determines the identifier of the next service engine in the sequence for the reverse packet using the table entry. This ensures that the reverse packet follows the same service chain as the forward packet, maintaining consistent processing and security policies. The approach improves network efficiency by dynamically associating reverse packets with their corresponding forward packets and ensuring proper routing through the service chain, reducing misrouting and improving service reliability.
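An added sketch (not part of the patent or of this page's analysis) of the flow table described in claims 1 and 3, with MAC addresses as the identifiers as in claim 10. The class and field names, the sample addresses, the idle timeout, the table cap, pinning a flow to the first engine seen, and dropping reverse frames that match no entry are all assumptions made for the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple

# Constructed sample addresses (assumptions, not taken from the patent).
GROUP_MAC = "02:00:00:00:00:fe"   # identifier shared by the whole service engine group
SE1_MAC = "02:00:00:00:00:01"     # individual service engines
SE2_MAC = "02:00:00:00:00:02"
SERVER_MAC = "02:00:00:00:01:10"

# Flow key: client ip, client port, server ip, server port, protocol.
FlowKey = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class FlowEntry:
    engine_mac: str    # identifier of the selected service engine
    server_mac: str    # server the forward packet was sent to
    last_seen: float


class Controller:
    """Sits on the data path between the service engines and the servers."""

    def __init__(self, group_mac: str, engine_macs: Set[str],
                 idle_timeout: float = 30.0, max_entries: int = 4096):
        self.group_mac = group_mac
        self.engine_macs = engine_macs
        self.idle_timeout = idle_timeout
        self.max_entries = max_entries
        self.table: Dict[FlowKey, FlowEntry] = {}

    def _expire(self, now: float) -> None:
        # Bound the table: forget flows that have been idle too long.
        stale = [k for k, e in self.table.items()
                 if now - e.last_seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def on_forward(self, frame: Frame, now: float) -> Optional[Frame]:
        """Record which engine sent the flow, then pass the frame to the server."""
        if frame.src_mac not in self.engine_macs:
            return None                      # only cluster members create entries
        self._expire(now)
        key = (frame.src_ip, frame.src_port, frame.dst_ip, frame.dst_port, frame.proto)
        entry = self.table.get(key)
        if entry is None:
            if len(self.table) >= self.max_entries:
                return None                  # table full: refuse new flows
            self.table[key] = FlowEntry(frame.src_mac, frame.dst_mac, now)
        else:
            entry.last_seen = now            # flow stays pinned to its first engine
        return frame

    def on_reverse(self, frame: Frame, now: float) -> Optional[Frame]:
        """Rewrite group MAC -> selected engine MAC if the flow corresponds."""
        self._expire(now)
        # Reverse direction: the client is now the destination.
        key = (frame.dst_ip, frame.dst_port, frame.src_ip, frame.src_port, frame.proto)
        entry = self.table.get(key)
        if (entry is None
                or frame.dst_mac != self.group_mac
                or frame.src_mac != entry.server_mac):
            return None                      # no verified correspondence: no rewrite
        entry.last_seen = now
        return replace(frame, dst_mac=entry.engine_mac)


def demo():
    ctl = Controller(GROUP_MAC, {SE1_MAC, SE2_MAC})
    # Forward packet: client 198.51.100.7 reached the server through engine 2.
    fwd = Frame(SE2_MAC, SERVER_MAC, "198.51.100.7", 40000, "10.0.0.10", 443)
    ctl.on_forward(fwd, now=0.0)
    # Server replies toward the group identifier (e.g. its default gateway).
    rev = Frame(SERVER_MAC, GROUP_MAC, "10.0.0.10", 443, "198.51.100.7", 40000)
    matched = ctl.on_reverse(rev, now=1.0)
    stray = ctl.on_reverse(replace(rev, dst_port=40001), now=1.0)  # no such flow
    expired = ctl.on_reverse(rev, now=100.0)                       # entry aged out
    return matched, stray, expired


if __name__ == "__main__":
    for label, result in zip(("matched", "stray", "expired"), demo()):
        print(label, result)
```
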

Claim 4

Original Legal Text

4. The method of claim 1, wherein the group of service engines comprises a cluster of load balancers of a virtual data center.

Plain English Translation

This invention relates to load balancing in virtual data centers. The problem addressed is efficiently distributing network traffic across multiple service engines to optimize performance and reliability. The invention involves a method for managing a group of service engines, where the group includes a cluster of load balancers within a virtual data center. These load balancers distribute incoming network traffic across multiple servers or resources to prevent overload and ensure high availability. The method dynamically adjusts load distribution based on real-time conditions, such as server health, traffic volume, and resource utilization. The load balancers may use algorithms like round-robin, least connections, or IP hash to determine the optimal distribution path. The system also monitors performance metrics to detect and mitigate failures, rerouting traffic as needed. The cluster of load balancers operates within a virtualized environment, allowing for scalable and flexible deployment. This approach enhances system resilience, reduces latency, and improves overall efficiency in handling network requests. The invention is particularly useful in cloud computing and virtualized infrastructure where dynamic workloads require adaptive load balancing solutions.

Claim 5

Original Legal Text

5. The method of claim 1, wherein the group of service engines comprises a plurality of physical devices configured as a single logical entity.

Plain English Translation

A system and method for managing service engines in a networked computing environment addresses the challenge of efficiently distributing and coordinating tasks across multiple physical devices while maintaining a unified logical interface. The invention involves a group of service engines, which are physical devices, configured to operate as a single logical entity. This logical entity presents a unified interface to external systems, simplifying integration and management while allowing the underlying physical devices to handle workload distribution, redundancy, and scalability. The service engines may perform various functions such as data processing, network routing, or application hosting, with the logical entity ensuring seamless coordination between them. The system dynamically allocates tasks among the physical devices based on factors like load balancing, fault tolerance, or performance optimization. This approach enhances reliability, as the failure of one physical device does not disrupt the overall service, and improves scalability by allowing additional devices to be added without modifying the logical interface. The invention is particularly useful in cloud computing, distributed systems, or high-availability environments where maintaining a consistent service interface while leveraging multiple physical resources is critical.

Claim 6

Original Legal Text

6. The method of claim 1, wherein the group of servers comprises a group of virtual machines.

Plain English Translation

A system and method for managing a group of servers, particularly where the servers are implemented as virtual machines. The technology addresses the challenge of efficiently distributing and managing computational workloads across multiple servers, especially in virtualized environments where resources are dynamically allocated. The method involves coordinating the operation of a group of virtual machines to perform tasks such as data processing, load balancing, or service provisioning. The virtual machines may be hosted on one or more physical servers, allowing for flexible resource allocation and scalability. The method ensures that tasks are distributed efficiently across the virtual machines, optimizing performance and resource utilization. This approach is particularly useful in cloud computing environments, where virtual machines are commonly used to provide scalable and on-demand computing resources. The system may include mechanisms for monitoring the status of the virtual machines, dynamically adjusting resource allocation, and ensuring high availability and fault tolerance. By leveraging virtual machines, the system can adapt to changing workload demands, improve resource efficiency, and reduce operational costs.

Claim 7

Original Legal Text

7. The method of claim 1, wherein the identifier of the group of service engines comprises a default gateway address directed to the group of service engines.

Plain English Translation

A system and method for managing network traffic routing involves directing requests to a group of service engines using a default gateway address as an identifier. The default gateway address serves as a unified entry point for routing network traffic to the group, allowing efficient load distribution and failover handling. The method includes receiving a request at the default gateway, determining the appropriate service engine within the group to handle the request, and forwarding the request accordingly. This approach simplifies network configuration by eliminating the need to individually address each service engine, reducing complexity and improving scalability. The system may also include mechanisms for monitoring the health of service engines and dynamically adjusting routing to maintain high availability. The default gateway address can be configured to support various protocols and traffic types, ensuring compatibility with different network environments. This method is particularly useful in cloud computing, data centers, and enterprise networks where efficient traffic management is critical.

Claim 8

Original Legal Text

8. The method of claim 1, wherein the controller comprises a hypervisor.

Plain English Translation

A system and method for managing virtualized computing environments involves a controller that includes a hypervisor. The hypervisor enables the creation, management, and execution of multiple virtual machines (VMs) on a single physical host. Each VM operates independently with its own operating system and applications, sharing the host's hardware resources. The hypervisor abstracts the underlying hardware, allowing VMs to run in isolation while efficiently utilizing the host's CPU, memory, and storage. This approach improves resource utilization, security, and flexibility in computing environments. The controller with the hypervisor dynamically allocates resources to VMs based on demand, ensuring optimal performance and scalability. The system may also include monitoring and management tools to oversee VM operations, detect issues, and apply updates or configurations. The hypervisor-based controller supports various virtualization techniques, including full virtualization, paravirtualization, and containerization, depending on the use case. This method enhances the efficiency and reliability of virtualized systems by centralizing control and management functions within the hypervisor.

Claim 9

Original Legal Text

9. The method of claim 1, wherein sending the forward packet to the selected server comprises sending the forward packet to the selected server over a layer-2 (L2) network.

Plain English Translation

This invention relates to network packet forwarding in a distributed computing environment, specifically addressing the challenge of efficiently routing packets to selected servers within a network. The method involves selecting a server from a pool of available servers based on predefined criteria, such as load balancing or proximity, and then forwarding a packet to the chosen server. The key innovation lies in the use of a layer-2 (L2) network for this forwarding process, which operates at the data link layer of the OSI model. L2 networks enable direct communication between devices on the same network segment, reducing latency and improving efficiency compared to higher-layer protocols. The method ensures that packets are transmitted over the L2 network, leveraging its characteristics for faster, more reliable server-to-server communication. This approach is particularly useful in data centers or cloud computing environments where low-latency, high-throughput communication is critical. The invention optimizes network performance by minimizing the overhead associated with higher-layer protocols and ensuring that packets are routed directly to the intended server without unnecessary hops or delays.

Claim 10

Original Legal Text

10. The method of claim 1, wherein the identifier of the group of service engines and the identifier of the selected service engine comprise MAC addresses.

Plain English Translation

This invention relates to a system for managing service engines in a network environment, specifically addressing the challenge of efficiently identifying and selecting service engines for processing network traffic. The method involves assigning unique identifiers to both a group of service engines and individual service engines within the network. These identifiers are used to facilitate communication and coordination between the service engines and other network components. The identifiers for the group and the selected service engine are implemented using MAC (Media Access Control) addresses, which provide a standardized and reliable way to uniquely identify network devices. By using MAC addresses, the system ensures accurate and efficient routing of network traffic to the appropriate service engines, improving network performance and reducing latency. The method also supports dynamic selection of service engines based on their identifiers, allowing for flexible and scalable network management. This approach enhances the reliability and efficiency of service engine operations in complex network architectures.

Claim 11

Original Legal Text

11. A controller comprising: one or more processors; a non-transitory memory for storing program instructions; the one or more processors being configured to execute the program instructions for: receiving a forward packet from a selected service engine of a group of service engines, the forward packet originating from a client; creating an entry in a table for indicating a data flow associated with the forward packet, the entry including an identifier of the selected service engine; sending the forward packet to a selected server of a group of servers; receiving a reverse packet from the selected server, the reverse packet including an identifier of the group of service engines and destined for the client; modifying the reverse packet using the entry in the table by replacing the identifier of the group of service engines with the identifier of the selected service engine; and sending the modified reverse packet to the selected service engine, wherein the controller is disposed on a data path between the group of service engines and the group of servers.

Plain English Translation

This invention relates to network traffic management in systems where client requests are processed by service engines before being routed to servers, and server responses must be routed back through the same service engines. The problem addressed is ensuring that reverse traffic from servers is correctly directed to the originating service engines, which is critical for maintaining session consistency and proper load balancing. The system includes a controller positioned between a group of service engines and a group of servers. The controller receives a forward packet from a client via a selected service engine and creates a table entry associating the data flow with the selected service engine's identifier. The forward packet is then sent to a selected server. When the controller receives a reverse packet from the server, it checks the table entry and modifies the packet by replacing the group identifier with the specific service engine identifier. The modified reverse packet is then sent to the correct service engine, ensuring proper routing. This mechanism maintains session persistence and load balancing by ensuring that return traffic follows the same path as the initial request. The controller's placement on the data path between service engines and servers enables real-time traffic management and efficient routing decisions.

Claim 12

Original Legal Text

12. The controller of claim 11, wherein the one or more processors are further configured to execute the instructions for: identifying, from the entry in the table, the identifier of the selected service engine to apply to the reverse packet.

Plain English Translation

This invention relates to network packet processing, specifically optimizing the handling of reverse packets in a network system. The problem addressed is efficiently routing reverse packets (packets returning from a destination back to the source) through a network by leveraging pre-existing service engines. A service engine is a processing unit that applies specific functions to packets, such as security checks, load balancing, or protocol translation. The invention involves a controller with one or more processors that manage a table mapping packet identifiers to service engines. When a reverse packet is received, the controller identifies the service engine previously used for the corresponding forward packet by querying this table. The identified service engine is then applied to the reverse packet, ensuring consistent processing. This approach avoids redundant processing and improves network efficiency by reusing the same service engine for both forward and reverse traffic flows. The table includes entries that associate packet identifiers with service engine identifiers, allowing quick lookup. The controller dynamically updates the table as new service engines are assigned to packets. This method ensures that reverse packets follow the same processing path as their forward counterparts, maintaining network consistency and performance. The invention is particularly useful in systems where bidirectional traffic requires uniform handling, such as in load balancers, firewalls, or virtualized network environments.

Claim 13

Original Legal Text

13. The controller of claim 11, wherein the controller comprises a hypervisor.

Plain English Translation

A system for managing virtualized computing environments addresses the challenge of efficiently allocating and monitoring computational resources across multiple virtual machines (VMs). The system includes a controller that dynamically assigns processing, memory, and storage resources to VMs based on workload demands, ensuring optimal performance and resource utilization. The controller monitors VM performance metrics, such as CPU usage, memory consumption, and network traffic, to detect bottlenecks or inefficiencies. When resource contention occurs, the controller reallocates resources or adjusts VM priorities to maintain system stability. The controller also enforces security policies, isolating VMs to prevent unauthorized access or data breaches. Additionally, the controller supports live migration of VMs between physical hosts without downtime, enabling seamless maintenance and load balancing. In one embodiment, the controller includes a hypervisor, a software layer that abstracts hardware resources and enables the creation and management of VMs. The hypervisor virtualizes hardware components, allowing multiple VMs to share a single physical machine while maintaining isolation and security. The hypervisor also manages VM lifecycle operations, such as creation, suspension, and termination, ensuring efficient resource allocation and system stability. This system improves resource efficiency, scalability, and security in virtualized environments.

Claim 14

Original Legal Text

14. The controller of claim 11, wherein the group of service engines comprises a cluster of load balancers.

Plain English Translation

A system for managing network traffic includes a controller that dynamically allocates service engines to handle incoming data packets. The service engines are distributed across a network and are responsible for processing and forwarding the packets. The controller monitors the load and performance of each service engine and adjusts their allocation to optimize traffic distribution. This system addresses the problem of inefficient traffic management in large-scale networks, where static configurations often lead to bottlenecks or underutilized resources. The controller includes a load-balancing mechanism that distributes traffic across multiple service engines to prevent overload and ensure high availability. The service engines may be organized into a cluster of load balancers, which further enhances the system's ability to handle varying traffic loads. The load balancers within the cluster work together to distribute incoming requests evenly, reducing the risk of any single engine becoming a point of failure. The controller continuously assesses the performance metrics of each service engine and reallocates traffic as needed to maintain optimal efficiency. This dynamic approach improves scalability and reliability in network operations.

Claim 15

Original Legal Text

15. The controller of claim 11, wherein the group of servers comprises a group of virtual machines.

Plain English Translation

A system for managing server resources in a computing environment addresses the challenge of efficiently distributing workloads across multiple servers to optimize performance and resource utilization. The system includes a controller that monitors and allocates tasks to a group of servers based on their current load and capabilities. The controller dynamically adjusts task distribution to prevent overloading any single server and ensures balanced resource usage. In one implementation, the group of servers includes a collection of virtual machines, allowing for flexible scaling and resource allocation. The controller may also prioritize tasks based on their importance or urgency, further enhancing system efficiency. This approach improves overall system performance by reducing latency and maximizing throughput while maintaining stability. The system is particularly useful in cloud computing environments where workloads vary dynamically, and resource allocation must adapt in real-time to changing demands. By leveraging virtual machines, the system can quickly scale resources up or down as needed, ensuring optimal performance without manual intervention. The controller's ability to manage virtual machines as part of the server group provides additional flexibility in resource management, allowing for efficient handling of diverse workloads.

Claim 16

Original Legal Text

16. The controller of claim 11, wherein the identifier of the group of service engines comprises a default gateway address directed to the group of service engines.

Plain English Translation

A system for managing network traffic in a distributed computing environment addresses the challenge of efficiently routing data packets to a group of service engines. The system includes a controller that assigns a default gateway address to a group of service engines, where the default gateway address serves as an identifier for the group. This allows network devices to direct traffic to the group without needing individual addresses for each service engine. The controller dynamically assigns service engines to the group based on factors such as load balancing, availability, or performance metrics. The system ensures that traffic is distributed efficiently across the group, improving scalability and reliability. The default gateway address simplifies network configuration by acting as a single point of contact for the group, reducing complexity in routing and management. The controller may also monitor the group's performance and adjust assignments to maintain optimal traffic distribution. This approach enhances network efficiency by minimizing latency and maximizing resource utilization.

Claim 17

Original Legal Text

17. A non-transitory computer-readable storage medium storing thereon computer-readable instructions which are executable by one or more processors of a controller, the computer-readable instructions comprising: instructions for receiving a forward packet from a selected service engine of a group of service engines, the forward packet originating from a client; instructions for creating an entry in a table for indicating a data flow associated with the forward packet, the entry including an identifier of the selected service engine; instructions for sending the forward packet to a selected server of a group of servers; instructions for receiving a reverse packet from the selected server, the reverse packet including an identifier of the group of service engines and destined for the client; instructions for modifying the reverse packet using the entry in the table by replacing the identifier of the group of service engines with the identifier of the selected service engine; and instructions for sending the modified reverse packet to the selected service engine, wherein the controller is disposed on a data path between the group of service engines and the group of servers.

Plain English Translation

This invention relates to network traffic management, specifically handling data flows between clients, service engines, and servers. The problem addressed is efficiently routing reverse traffic (server-to-client) in a system where multiple service engines and servers are involved, ensuring proper delivery while maintaining performance and scalability. The system includes a controller positioned between a group of service engines and a group of servers. When a forward packet (client-to-server) is received from a selected service engine, the controller creates an entry in a table to track the data flow, storing the selected service engine's identifier. The forward packet is then sent to a selected server. Upon receiving a reverse packet (server-to-client) from the server, the controller checks the table and modifies the reverse packet by replacing the group identifier with the specific service engine identifier. The modified reverse packet is then forwarded to the correct service engine, ensuring proper routing back to the client. This approach optimizes traffic flow by dynamically associating reverse packets with the correct service engine, improving efficiency in distributed network architectures. The controller's role in managing these associations ensures accurate and timely delivery of data.

Claim 18

Original Legal Text

18. The non-transitory computer-readable storage medium of claim 17 having computer-readable instructions further comprising: instructions for identifying, from the entry in the table, the identifier of the selected service engine to apply to the reverse packet.

Plain English Translation

This invention relates to network packet processing, specifically optimizing the handling of reverse packets in a network system. The problem addressed is efficiently determining which service engine should process a reverse packet, particularly in systems where multiple service engines are available. The solution involves a table that maps packet identifiers to corresponding service engines, allowing quick lookup and routing of reverse packets to the correct engine without redundant processing. The system includes a table that stores entries, each containing an identifier of a service engine and an identifier of a packet. When a reverse packet is received, the system searches the table to find the entry matching the reverse packet's identifier. The identifier of the selected service engine from the matching entry is then used to route the reverse packet to the appropriate service engine for further processing. This ensures that reverse packets are consistently processed by the same service engine that handled the original packet, maintaining state consistency and improving efficiency. The table may be dynamically updated to reflect changes in service engine assignments or packet processing requirements. The system may also include mechanisms to handle cases where no matching entry is found, such as default routing or error handling. This approach reduces latency and computational overhead by avoiding unnecessary lookups or re-processing of packets. The invention is particularly useful in high-performance networking environments where rapid and accurate packet routing is critical.

Claim 19

Original Legal Text

19. The non-transitory computer-readable storage medium of claim 17, wherein the identifier of the group of service engines comprises a default gateway address directed to the group of service engines.

Plain English Translation

A system and method for managing network traffic routing in a distributed computing environment involves dynamically assigning and managing service engines to handle specific tasks. The system includes a controller that monitors network traffic and identifies groups of service engines capable of processing particular types of requests. Each group of service engines is assigned a unique identifier, which serves as a default gateway address for routing traffic to that group. The controller dynamically updates the routing information based on the availability and performance of the service engines, ensuring efficient load balancing and fault tolerance. The system also includes mechanisms for detecting failures within the service engine groups and rerouting traffic to alternative groups to maintain service continuity. The identifier for each group of service engines is used to direct incoming requests to the appropriate group, optimizing network performance and reducing latency. The system is designed to operate in environments where multiple service engines must collaborate to process complex tasks, such as in cloud computing or distributed data processing systems. The dynamic assignment of default gateway addresses ensures that traffic is routed efficiently, even as the composition of service engine groups changes over time.

Claim 20

Original Legal Text

20. The non-transitory computer-readable storage medium of claim 17, wherein the group of service engines comprise a cluster of load balancers of a data center, and wherein the group of servers comprises a group of virtual machines.

Plain English Translation

This invention relates to a system for managing network traffic in a data center environment. The system addresses the challenge of efficiently distributing incoming network requests across multiple servers to optimize performance and resource utilization. The solution involves a non-transitory computer-readable storage medium containing instructions that, when executed, configure a group of service engines to dynamically allocate network traffic to a group of servers. The service engines operate as a cluster of load balancers, which distribute incoming requests to a group of virtual machines (VMs) within the data center. The load balancers analyze network traffic patterns and server availability to ensure balanced distribution, minimizing latency and maximizing throughput. The system also includes mechanisms for monitoring server health and adjusting traffic allocation in real-time to handle failures or changes in demand. By leveraging virtual machines, the system provides flexibility in scaling resources up or down based on workload requirements. The overall approach improves efficiency, reliability, and responsiveness in data center operations.

Patent Metadata

Filing Date

Unknown

Publication Date

March 10, 2020

Inventors

Venkataraman Natham
Pagalavan Krishnamoorthy
Ramesh Santhanakrishnan
Ali Golshan

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “DIRECTING DATA FLOWS IN DATA CENTERS WITH CLUSTERING SERVICES” (10587481). https://patentable.app/patents/10587481
